From 3ab67b23b66831dc49e6ecd0a346a8b9b52cbdce Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Tue, 28 Jul 2020 11:56:03 +0200 Subject: [PATCH] fix: Avoid issues with the attribute value field name - The module setup allows 'value1' as attribute value field name, but we want to make sure that users passing standard misp format with 'value' instead, will not have issues, as well as keeping the current setup --- .../modules/expansion/sophoslabs_intelix.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/misp_modules/modules/expansion/sophoslabs_intelix.py b/misp_modules/modules/expansion/sophoslabs_intelix.py index 6c6204a..38d4293 100644 --- a/misp_modules/modules/expansion/sophoslabs_intelix.py +++ b/misp_modules/modules/expansion/sophoslabs_intelix.py @@ -113,12 +113,18 @@ def handler(q=False): if attribute['type'] not in misp_types_in: return {'error': 'Unsupported attribute type.'} client = SophosLabsApi(j['config']['client_id'], j['config']['client_secret']) - if j['attribute']['type'] == "sha256": - client.hash_lookup(j['attribute']['value1']) - if j['attribute']['type'] in ['ip-dst', 'ip-src', 'ip']: - client.ip_lookup(j["attribute"]["value1"]) - if j['attribute']['type'] in ['uri', 'url', 'domain', 'hostname']: - client.url_lookup(j["attribute"]["value1"]) + mapping = { + 'sha256': 'hash_lookup', + 'ip-dst': 'ip_lookup', + 'ip-src': 'ip_lookup', + 'ip': 'ip_lookup', + 'uri': 'url_lookup', + 'url': 'url_lookup', + 'domain': 'url_lookup', + 'hostname': 'url_lookup' + } + attribute_value = attribute['value'] if 'value' in attribute else attribute['value1'] + getattr(client, mapping[attribute['type']])(attribute_value) return client.get_result()